Identity and Access Management (IdAM) | CAC | Non-privileged Access to End User Applications

DoD Cloud SRG Definition
Mission Owner access control credentials [are] required at each information impact level IAW DoDI 8520.03 in the following categories:
Non-privileged user access to Mission Owner’s systems and applications instantiated on IaaS/PaaS. (i.e., mission application end-users).

• Translation: CAC authentication is required for normal DoD user access to an application. Whether this is accessing a ticketing system (e.g., JIRA), knowledge base (e.g., Confluence), content management system (e.g., Wordpress, Joomla, Drupal, etc.), custom application, etc., they all require CAC authentication. However, there are exceptions. Many applications cannot support CAC authentication because its users do not have a CAC, but still need to access the data — e.g., state and local authorities, authorized foreign nationals, etc.

In the process of migrating this data. Check back soon for updates.

Have suggestions for cloud security issues you want to know more about?

Maybe we have an answer. Let us know below.

Reach out